Java服务器上具有Socket.IO的“访问控制允许来源”

Question

I've got the following problem: I'm running a JAVA Server with socket.io (netty socket.io - https://github.com/mrniko/netty-socketio ) - I'm trying to access this server from a different web-server through javascript.

For a test I'm trying to get the Demo Chat running ( https://github.com/mrniko/netty-socketio-demo ).

The Problem now is that i keep getting the following

XMLHttpRequest cannot load http://myserver/socket.io/1/?t=1400445162388. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'myclient.com' is therefore not allowed access. 

So the big question is: How do i allow access to my java server? I've found a few solutions saying to add the 'header' to it, but i have no idea where to put that. Does that go into the socket.io server code?

I think i need something like this, placed somewhere on the JAVA server:

response.setHeader("Access-Control-Allow-Origin", "*");

This is the code which starts the server:

Configuration config = new Configuration();
    config.setHostname("localhost");
    config.setPort(80);
    final SocketIOServer server = new SocketIOServer(config);
    //ChatObject wurde extra implementiert, ggf. loeschen
    server.addJsonObjectListener(ChatObject.class, new DataListener<ChatObject>() {
        @Override
        public void onData(SocketIOClient client, ChatObject data, AckRequest ackRequest) throws Exception {
            // broadcast messages to all clients
            server.getBroadcastOperations().sendJsonObject(data);
        }
    });
    server.start();

and this is the output im getting from the server:

error: The specified resource was not found: /static/flashsocket/WebSocketMain.swf
error: The specified resource was not found: /static/flashsocket/WebSocketMainInsecure.swf
info: Session store / pubsub factory used: {}MemoryStoreFactory (local session store only)
info: SocketIO server started at port: {}80

Any help is greatly appreciated ! Thank you

Answer 1

I've confronted the similar problem yesterday and solved it mostly. I'd like to share my solution here.
Firstly, we all know it is so called CORS standard (cross-origin resource sharing) which means one resource we opened up from website A request another resource from website B ( reference ). Therefore, in your case, assume the original web server (with domain AAA.com) and your netty server (domain BBB.com), then append this line to your netty server to get permission：

config.setOrigin("http://AAA.com");

Note that you cannot use wildcard (*) for Access-Control-Allow-Origin in netty-socketio as it set credentials (ie, Access-Control-Allow-Credentials ) TRUE by default ( see here ). Keep in mind that the browser will also reject any response that does not have the Access-Control-Allow-Credentials: true header, and not make the response available to the invoking web content . Hope these help.

The followings are my library versions:
netty-socketio version

<dependency>
    <groupId>com.corundumstudio.socketio</groupId>
    <artifactId>netty-socketio</artifactId>
    <version>1.7.6</version>
</dependency>

socket.io.javascript

script(type="text/javascript", src="https://cdn.socket.io/socket.io-1.3.5.js")    

Answer 2

Use netty-socketio 1.7.1 or 1.6.6 version. Ability to set custom Access-Control-Allow-Origin via Configuration.origin parameter was added in this version.